
Basic use and Quick start of Ansible

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Ansible is an IT operations automation tool, used mainly for deploying IT infrastructure, configuration and applications. It can manage hundreds or thousands of hosts. What it always emphasizes is:

Easy to use: we can pick it up quickly, without needing strong fundamentals.

Simple: it lowers the cost of learning, because deployment files are written in an easy-to-read description language.

No special coding skills are required: you do not need to be a developer to get started with it quickly.

Tasks are executed sequentially: Ansible runs your tasks from top to bottom, so the configuration file is easy to understand and to write.

Powerful: it coordinates the application life cycle. An application's life cycle is divided into several phases, such as pulling code, building, deploying and then testing, and Ansible can carry out the whole series of tasks in that cycle.

Application deployment

Configuration management

Workflow scheduling

We can write the configuration file following the phases above, so that we can see clearly what the application needs to do and break the work down step by step.

This is the main function of Ansible.

Agentless: predictable, reliable and secure

Agentless architecture: Ansible is installed on one server, and no agent needs to be installed on the clients

Uses OpenSSH for communication, to ensure security

No agent maintenance cost

Compared with the similar SaltStack, Ansible is written in Python. In the early years SaltStack's market share far exceeded Ansible's, but in recent years Ansible's has far exceeded SaltStack's. The main reason lies in the design: Ansible focused on an agentless architecture from the start, while SaltStack has to install an agent on the managed side. Installing an agent is simple, but its later maintenance has to be considered. In today's enterprise IT environments many agents are already installed on each server, for example a monitoring agent and a log agent, with others added later. Running four or five agents adds a lot of extra load over time and makes the servers harder to manage. For this reason many IT enterprises use Ansible. Ansible was designed this way from the beginning and has extended its modules and features on that basis, whereas SaltStack, although it now supports an agentless mode, added that support later and still struggles to match Ansible in many features.

Architecture of Ansible


Users are the administrators, that is, us. There are two ways to manage hosts in batch. The first is to execute commands, for example to check disk space.

The second is to use a playbook for more complex tasks, such as deploying an application.

The Ansible engine has four parts. The first is the inventory, the list of hosts we manage. Which hosts you manage is recorded here, including each host's IP address, port, account and password.

The second is Ansible's API. When we develop an operations automation platform, we can call Ansible's API directly to do batch management, without reinventing the wheel.

The third is modules. Ansible is an automation engine, and many of its functions are implemented through modules. For example, to create a user account there is the user module, and to manage a service, such as starting it, there is the service module. Ansible has shipped with a large number of modules from the beginning.

The fourth is plugins, which carry out Ansible's internal operations. For example, Ansible manages hosts through a connection plugin that connects to your host. Plugins are therefore Ansible's core functionality, while modules are extensions outside the core.

A playbook uses these modules to describe an application's life cycle. It is essentially a text file in which we write down what needs to be done.

If you want to implement a CMDB (configuration management database), which records information about the hosts in your IT infrastructure so that other people and other projects can use it, Ansible lets you get this information quickly. Ansible can collect the hardware resources and configuration of each target host, so you only need to load the collected data into your CMDB.

Ansible also has many modules and plugins for interfacing with cloud platforms, both private and public. That is the Ansible architecture.

In short: the administrator operates Ansible, and Ansible calls modules and plugins, reads the host list from the inventory, and operates on the host group you specify.

Installation of Ansible

We can install it directly through yum.

[root@ansible ~]# yum -y install ansible

After installation, configure Ansible's host list. You can write the password here, or you can set up non-interactive login in advance and write only the IP address.

[root@ansible ~]# vim /etc/ansible/hosts
[webservers]
10.4.7.12 ansible_ssh_user=root ansible_ssh_pass=666666
10.4.7.21 ansible_ssh_user=root ansible_ssh_pass=666666

Turn off the interactive host key fingerprint prompt for the commands we run:

[root@ansible ~]# vim /etc/ansible/ansible.cfg
host_key_checking = False

Check the disk status of our multi-host nodes

[root@ansible ~]# ansible webservers -a "df -h"
10.4.7.12 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 50G 1.4G 49G 3% /
devtmpfs 858M 0 858M 0% /dev
tmpfs 870M 0 870M 0% /dev/shm
tmpfs 870M 8.4M 861M 1% /run
tmpfs 870M 0 870M 0% /sys/fs/cgroup
/dev/sda2 1014M 179M 836M 18% /boot
/dev/sda1 200M 12M 189M 6% /boot/efi
/dev/mapper/centos-home 73G 33M 72G 1% /data
tmpfs 174M 0 174M 0% /run/user/0

10.4.7.21 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 50G 1.4G 49G 3% /
devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 8.4M 3.8G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda2 1014M 179M 836M 18% /boot
/dev/sda1 200M 12M 189M 6% /boot/efi
/dev/mapper/centos-home 73G 33M 72G 1% /data
tmpfs 779M 0 779M 0% /run/user/0

Requirements for using Ansible

Requirements of the server

Python 2.6/2.7/3.x

Red Hat, Debian, CentOS, OS X, etc.; Windows is not supported

Because Ansible is written in Python, a Python environment is required. Ansible was acquired by Red Hat in October 2015, and CentOS installs Python by default.

Requirements of the managed side

OpenSSH, which Linux distributions generally use, and Python. Ansible packages the modules we use as Python scripts, executes them on the managed side, and returns the results to Ansible.

Python 2.6/2.7/3.x

Ansible can be installed with yum, which is the recommended way. Red Hat-family and Debian systems can each install Ansible from their own software packages.

You can also install it through pip, since Ansible is itself a Python module.

It can also be installed from the source package:

https://releases.ansible.com/ansible or https://github.com/ansible/ansible.git

Configuration file for ansible

[root@ansible ~]# vim /etc/ansible/ansible.cfg
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False

Here are a few important ones. inventory = /etc/ansible/hosts

This is the list of hosts on the managed side.

forks is the number of concurrent Ansible worker processes. It defaults to 5, and you can adjust it according to the number of hosts you manage. Increasing the concurrency also increases the load on your server.

sudo_user is for privilege escalation. If you are an ordinary user under Linux and want to perform operations as root, you need sudo, or su - to switch to the root user. This is called privilege escalation.

remote_port = 22 is the port used on the target host. SSH defaults to 22, which is also the default here.

With host_key_checking = False, we no longer have to type yes/no the first time we log in to a host. Enabling this also has a disadvantage: when a server's system is reinstalled, the connection will fail with an error. This can be solved by clearing the host's old record from known_hosts, and it does not affect use.

log_path=/var/log/ansible.log enables logging of basic operations; you can turn it on.

private_key_file=/root/.ssh/id_rsa specifies the private key used for key-based authentication. There are two ways to authenticate when connecting to Linux: password-based authentication and key pair authentication. Key pair authentication is relatively more secure and is verified by SSH in the manner of a digital certificate, although a password that meets complexity requirements is also difficult to crack.
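The inventory and ansible.cfg shown earlier keep the root SSH password in cleartext in /etc/ansible/hosts and turn off host key verification, so anyone who can read the inventory holds the credentials for every managed host, and SSH no longer checks which server it is talking to. The audit script below is an added example, not part of the original article or of Ansible itself; the sample files are constructed from the values on this page, and the function names audit_inventory and audit_cfg are hypothetical.

```python
import configparser
import re

# Constructed samples modelled on the inventory and ansible.cfg shown on this page.
SAMPLE_INVENTORY = """\
[webservers]
10.4.7.12 ansible_ssh_user=root ansible_ssh_pass=666666
10.4.7.21 ansible_ssh_user=root ansible_ssh_pass=666666 http_port=80
10.4.7.22

[webservers:vars]
ansible_become_pass={{ vault_become_pass }}
"""
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
"""

# Connection and privilege-escalation variables that hold a secret when set inline.
SECRET_VAR = re.compile(r"\b(ansible_(?:ssh_|become_|sudo_)?pass(?:word)?)=(\S+)")

def audit_inventory(text):
    """Return (line number, host or section, variable) for every inline secret."""
    findings, section = [], "ungrouped"
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line:
            # In a [group:vars] section a line is key=value only, with no host name.
            subject = section if section.endswith(":vars") else line.split()[0]
            for var, value in SECRET_VAR.findall(line):
                if not value.startswith("{{"):  # reference to a variable kept elsewhere
                    findings.append((number, subject, var))
    return findings

def audit_cfg(text):
    """Return the settings in ansible.cfg text that switch off SSH host key checks."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    risky = []
    if cfg.get("defaults", "host_key_checking", fallback="True").lower() in ("false", "no", "0"):
        risky.append("defaults.host_key_checking")
    ssh_args = cfg.get("ssh_connection", "ssh_args", fallback="")
    if re.search(r"StrictHostKeyChecking\s*=?\s*no", ssh_args, re.IGNORECASE):
        risky.append("ssh_connection.ssh_args")
    return risky

if __name__ == "__main__":
    for number, subject, var in audit_inventory(SAMPLE_INVENTORY):
        print(f"inventory line {number}: {subject} has {var} in cleartext")
    print("ansible.cfg disables host key checks via:", audit_cfg(SAMPLE_CFG))
```

An inventory that lists only addresses, as the SSH key pair section of this page ends up with, produces no findings.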

Inventory host list

[root@ansible ~]# vim /etc/ansible/hosts

When Ansible operates on our infrastructure hosts, it does so through /etc/ansible/hosts.

Hosts listed in this file without a group are ungrouped; they are assigned automatically to the default group. Hosts can be given by IP address or by hostname.

# Ex 1: Ungrouped hosts, specify before any group headers.
green.example.com
blue.example.com
192.168.100.1
192.168.100.10

Using the ansible command

[root@ansible ~]# ansible --help

Usage: ansible <host-pattern> [options]

The host pattern, given before the options, is matched against your host list.

The pattern all matches every host in your host list, including hosts that have not been added to a group.

-m command can be omitted, because command is the default module.

[root@ansible ~]# ansible all -a "free -m"
10.4.7.12 | SUCCESS | rc=0 >>
total used free shared buff/cache available
Mem: 1738 121 1475 8 141 1456
Swap: 3839 0 3839

10.4.7.21 | SUCCESS | rc=0 >>
total used free shared buff/cache available
Mem: 7785 7479 8 143 7403
Swap: 3839 0 3839

10.4.7.22 | SUCCESS | rc=0 >>
total used free shared buff/cache available
Mem: 7785 159 7482 8 144 7406
Swap: 0 0 0

You can also give an IP address directly as the pattern:

[root@ansible ~]# ansible 10.4.7.12 -a "df -h"
10.4.7.12 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 50G 1.4G 49G 3% /
devtmpfs 858M 0 858M 0% /dev
tmpfs 870M 0 870M 0% /dev/shm
tmpfs 870M 8.4M 861M 1% /run
tmpfs 870M 0 870M 0% /sys/fs/cgroup
/dev/sda2 1014M 179M 836M 18% /boot
/dev/sda1 200M 12M 189M 6% /boot/efi
/dev/mapper/centos-home 73G 33M 72G 1% /data
tmpfs 174M 0 174M 0% /run/user/0

Then there are variables, which let you interact with the user dynamically and pass parameters so that Ansible does exactly what is specified, which makes it more flexible.

The official Ansible documentation is at docs.ansible.com.

ansible, playbook and doc are the ones commonly used.

There are also many other modules, which are not needed for the time being.

For example, the use of variables:

[webservers]
10.4.7.21 ansible_ssh_user=root ansible_ssh_pass=666666 http_port=80
10.4.7.22 ansible_ssh_user=root ansible_ssh_pass=666666 http_port=80

[root@ansible ~]# ansible webservers -a "echo {{http_port}}"
10.4.7.22 | SUCCESS | rc=0 >>
80

10.4.7.21 | SUCCESS | rc=0 >>
80

Group variables are defined under vars, and the variable is looked up when it is used:

[webservers:vars]
http_port=8080
server_name=www.devops.com

[root@ansible ~]# ansible webservers -a "echo {{http_port}}"
10.4.7.21 | SUCCESS | rc=0 >>
80

10.4.7.22 | SUCCESS | rc=0 >>
8080

[root@ansible ~]# ansible webservers -a "echo {{server_name}}"
10.4.7.22 | SUCCESS | rc=0 >>
www.devops.com

10.4.7.21 | SUCCESS | rc=0 >>
www.devops.com

You can also define them separately in /etc/ansible/group_vars/webservers.yml, which Ansible reads by default as the variables of that group. The yml form is more convenient.

http_port: 8090
server_name: xiabanle

[root@ansible group_vars]# ansible webservers -a "echo {{http_port}}"
10.4.7.22 | SUCCESS | rc=0 >>
8090

10.4.7.21 | SUCCESS | rc=0 >>
8090

[root@ansible group_vars]# ansible webservers -a "echo {{server_name}}"
10.4.7.22 | SUCCESS | rc=0 >>
xiabanle

10.4.7.21 | SUCCESS | rc=0 >>
xiabanle

Ad-hoc commands

Common options of the command-line tool
SSH password authentication
SSH key pair authentication

What we have used so far is the ad-hoc mode: running a single command through ansible.

Ad-hoc commands are good for carrying out an operation quickly. Ad-hoc is the batch management we use most often, while a playbook orchestrates one of our applications.

Use the shell module to create a directory on every host in the group:

[root@ansible ~]# ansible webservers -m shell -a "mkdir /opt/devops"
[WARNING]: Consider using file module with state=directory rather than running mkdir
10.4.7.21 | SUCCESS | rc=0 >>

10.4.7.22 | SUCCESS | rc=0 >>

[root@ansible ~]# ansible webservers -m shell -a "ls /opt/"
10.4.7.22 | SUCCESS | rc=0 >>
devops
test

10.4.7.21 | SUCCESS | rc=0 >>
devops
test

Check which hosts an operation will involve:

[root@ansible ~]# ansible webservers --list-hosts
hosts (2):
10.4.7.21
10.4.7.22

View the verbose details of a command's execution:

[root@ansible ~]# ansible webservers -vvv -a "ls /opt/devops"

SSH key pair authentication

First create a key pair:

[root@ansible ~]# ssh-keygen

id_rsa.pub is the public key, which is placed on the target host. id_rsa is the private key, which is used for login authentication.

[root@ansible .ssh]# ls
id_rsa id_rsa.pub known_hosts

There are two ways to transfer the public key. The first is to view its contents and copy them into the authorized_keys file on the target host.

The other is ssh-copy-id, which transfers the key directly into authorized_keys on the target host:

[root@ansible .ssh]# ssh-copy-id root@10.4.7.21

The target host now holds the public key of your ansible host:

[root@aaa ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRgvupMdkSCz2tP1WOig7h736iqHdFMWVdMoYnmgpe8EUp/Xmuwf66dVv/RrDvs6jyPtlnlQtBVtEYJCwsuumgLXcSp+XwyICLe5cetYGYRa3ByhIiJPxrfkLCnLGHAHKl0dBnxN2286Rsg1D1NgRLFGVS+MF1Hj6CPgHhLc+eTusDv4tZXCFGdJoyT99jJCAwpc1N/pbJhoS/t4g+fxZ7nCrRkLS49i8Mo7KuLjtfwlB4yDbh2bzdG60rzF71k8asJlBj3GcSmtEhqmw7xyv2qcqCq/CvpscUhJ4ZIrz4xs6Jq2IKBhgQiptCnDis15b6Cj6R3mY3XLf4sruX/hyh root@ansible

In this way, you can log in without interaction.

In this case, the hosts file only needs to contain the IP address or domain name.

Common modules of Ansible

Execute shell commands (command and shell)

File transfer (copy and file): copy files and create directories

Package management (yum)

Users and groups (user)

Deploy from a source code management system (git): pull source code from a git repository

Service management (service)

Collect target host information (setup)

The copy module copies a file to the managed hosts:

[root@ansible ~]# ansible webservers -m copy -a "src=/root/Dockerfile dest=/tmp"

Check that the target now has the file:

[root@ansible ~]# ansible webservers -a "ls /tmp"

The file module creates files on the managed side

Create a directory: state=directory

Create a file: state=touch

Delete a directory or file: state=absent

[root@ansible ~]# ansible webservers -m file -a "dest=/tmp/xiaoming state=touch"

The yum module installs packages on the managed side

Install: state=present

Uninstall: state=absent

[root@ansible ~]# ansible webservers -m yum -a "name=vim state=present"

The user module creates a user. Its password parameter expects an already hashed value rather than the cleartext password.

[root@ansible ~]# ansible webservers -m user -a "name=foo password=66666"

Delete a user: state=absent

The service module starts and stops a service

Use memcached to test starting and stopping a service

Start: state=started

Stop: state=stopped

Start at boot: enabled=true

Restart: state=restarted

Start it:

[root@ansible ~]# ansible webservers -m yum -a "name=memcached state=present"
[root@ansible ~]# ansible webservers -m service -a "name=memcached state=started"
[root@ansible ~]# ansible webservers -m shell -a "ps -ef | grep memcached"

Stop it:

[root@ansible ~]# ansible webservers -m service -a "name=memcached state=stopped"

Enable memcached at boot:

[root@ansible ~]# ansible webservers -m service -a "name=memcached enabled=true"

To restart it, use state=restarted.

The setup module collects system information

It also provides variables for the current host that we can use in a playbook:

[root@ansible ~]# ansible webservers -m setup

We can filter this information to get just the system information we want, such as the host name:

[root@ansible ~]# ansible webservers -m setup -a "filter=ansible_hostname"
10.4.7.21 | SUCCESS => {"ansible_facts": {"ansible_hostname": "k8s-node1"}, "changed": false}
10.4.7.12 | SUCCESS => {"ansible_facts": {"ansible_hostname": "k8s-master"}, "changed": false}
10.4.7.22 | SUCCESS => {"ansible_facts": {"ansible_hostname": "k8s-node2"}, "changed": false}

View memory usage:

[root@ansible ~]# ansible webservers -m setup -a "filter=ansible_*_mb"
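Loading setup facts into a CMDB, as described in the architecture section, means turning this per-host output into records and noticing the hosts that returned nothing. The parser below is an added example, not code from the original article or from Ansible; the sample output is constructed (only the addresses and host names are reused from this page), and parse_setup_output and to_cmdb are hypothetical names.

```python
import json
import re

# Constructed sample in the shape of `ansible webservers -m setup -a "filter=..."`
# output; the addresses and host names reuse the ones on this page.
SAMPLE_OUTPUT = """\
10.4.7.21 | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "k8s-node1",
        "ansible_memtotal_mb": 7785
    },
    "changed": false
}
10.4.7.12 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh",
    "unreachable": true
}
10.4.7.22 | SUCCESS => {"ansible_facts": {"ansible_hostname": "k8s-node2", "ansible_memtotal_mb": 7785}, "changed": false}
"""

# "<host> | <STATUS> => " introduces one JSON document per host.
HEADER = re.compile(r"^(\S+) \| ([A-Z]+)!? => ", re.MULTILINE)


def parse_setup_output(output):
    """Return {host: (status, result)} from ad-hoc output, pretty-printed or one-line."""
    decoder, results, pos = json.JSONDecoder(), {}, 0
    while (header := HEADER.search(output, pos)) is not None:
        # raw_decode stops at the end of this host's JSON, so text inside it is never
        # mistaken for the next header.
        result, pos = decoder.raw_decode(output, header.end())
        results[header.group(1)] = (header.group(2), result)
    return results


def to_cmdb(results, wanted=("ansible_hostname", "ansible_memtotal_mb")):
    """Split results into CMDB records and hosts that returned no facts."""
    records, missing = [], []
    for host in sorted(results):
        status, result = results[host]
        facts = result.get("ansible_facts")
        if status != "SUCCESS" or facts is None:
            missing.append((host, status))  # keep stale or absent assets visible
            continue
        records.append({"address": host, **{name: facts.get(name) for name in wanted}})
    return records, missing


if __name__ == "__main__":
    records, missing = to_cmdb(parse_setup_output(SAMPLE_OUTPUT))
    print(json.dumps(records, indent=2))
    print("no facts collected from:", missing)
```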
